NET book to highlight many challenges, misperceptions, and false assumptions of producing secure, implementationally correct . However, rsa crypto c recognizing the pitfalls of .
Java implementations ported to equally-old . If you have a crypto archaeology itch, Bouncy Castle will scratch it. How do you build trust in a crypto library? Inferno has also been professionally audited. Safe by design: safe algorithms, safe modes, safe choices. The particular choice of SHA384 is explained in “Implementation Details” section. Don’t forget to Dispose after use.
SP_800_108_Ctr implements NIST SP800-108 Counter-mode KDF. The SafeUTF8 encoding instance will instead throw on any invalid byte sequence. For an alternative approach to preventing entropy loss without exceptions see “String serialization” section. NET lacks an implementation of CTR mode, and most of the Internet-available .
NET implementations of AES-CTR are poorly implemented. Inferno implementation should satisfy anyone who needs a generic . AES-256 is the only block cipher used. CTR block cipher mode is used. SHA-384 is the best hash in the SHA2 hash family: it is as fast as SHA-512 on 64-bit platforms but, unlike SHA-512 or SHA-256, its truncated design serves as an effective defense against length extension attacks. The MAC key is also 128-bit.
ECDSA and ECDHM are done over P-384 curve with SHA-384 hash. Each chunk except the last chunk has a fixed length of 84,984 bytes. This number is chosen as the largest buffer size that avoids . Chunk 1 can be the last chunk. Each chunk is encrypted with EtM_CTR described above. The storage efficiency is thus 99. The inclusion of chunk counter in key derivation prevents chunk reordering.
The output is indistinguishable from random noise. As cool as Poly1305 nonce-based MAC is, it is not a ubiquitous MAC, and is limited to 128 bits. The CAESAR competition will soon provide a new portfolio of AEAD primitives. Why is Inferno not using AES-GCM? GCM has many restrictions and is very brittle and hard to implement correctly.
The MAC part of GCM is weaker than HMAC. GCM MAC is nonce-based, which is an unnecessary complication. The ‘recommended’ GCM implementations use 96-bit tags, which can be at most 128 bits. Inferno uses 128-bit tags and can easily accommodate shorter or longer tags if needed.
GCM does not handle tag truncation well. GCM is not available in . To be clear, Inferno would not use it even if it were, or becomes available. 50 years, but GCM is less likely to be around.
All crypto primitives used by Inferno have Microsoft-maintained implementations that have been around since . PGP Stealth software to add steganography support to pgp2. Satoshi Nakamoto’s wikipedia page which the editors deleted? GAK enabling features into pgp 5. The coderpunks list is dead try the cypherpunks-moderated list. NET book to highlight many challenges, misperceptions, and false assumptions of producing secure, implementationally correct .